A method, system and computer program product for preventing at least in part a hacker from performing unwanted activities such as in a file system. A security layer may be added in the kernel space configured to determine whether a request to provide a service from a particular user was received from user space or kernel space. If the request was received from user space, then the user is an unauthenticated user. That is, the user may be a potential hacker. Subsequently, the security layer may determine whether the request satisfies requirements for unauthenticated requests. If the request was received from a secure connection manager in kernel space then the user may be treated as an authenticated user. The secure connection manager may be configured to establish a secure authorized connection with an authenticated user. Subsequently, the security layer may determine whether the request satisfies requirements for authenticated requests.